I have a customer who wants us to block or disable IGMP in their FortiGate 60E that is located on an internal and closed network. I have not worked with Fortinet/Fortigate before, so I please be patient.
So I have Googled to find a solution and read up on ways to do this, but have so far not found a clear cut way to do it. Maybe someone here have already tried this and found a solution?
I have also come up with a few possible ways forward, but the lack of a lab and my inexperience with Fortinet/FortGate makes me a bit hesitant to try it "Live".
Below is my preferred alternative
config firewall multicast-policy edit set status enable set logtraffic disable set srcintf "all" set dstintf "all" set srcaddr "all" set dstaddr "all" set snat disable set action deny set protocol 2 set start-port 0 set end-port 0 set auto-asic-offload disable next end
But maybe this is a better way to do it?
config router multicast multicast-routing disable end
Thank you in advance for any assistance. I do appreciate it
By default, IGMP has a TTL of 1, which means it will not be routed by the Fortigate. Moreover, IGMP is not enabled by default on the Fortigate, you have to enable it on each interface which should participate to multicast.
For me, there is nothing special to configure on the Fortigate to achieve what is requested.
The thing is that my customer have recently started to have another company collect trace information and they are the ones that claim that they get IGMP from the network that is below this/my 60E. Their network is not only upstream from this 60E, it si in fact even upstream from yet another FortiGate. So there are actually two FortiGates between "my" network and "their" network. I have also read that FortiGates by default route IGMP, so I am guessing this is regardless of the number of hops
We have most probably located the Host that is the source of the IGMP traffic, but have yet to figure out what on that Host that is the culprit. If we can figure out what is using IGMP on that Host, I guessing we do not have to Block the entire protocol. But until we have figured that out, I still would like to pursue how to block IGMP in FortiGates.
Thank you also for the link. I have seen that page and maybe it is just my lack of understanding of the FortGate, but I fail to understand how I using the information on this page can block an entire Protocol. Maybe you or someone else can be of any assistance?
Do you or anyone else have any comments on either of my previously mentioned ways of blocking IGMP?
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.